diff options
author | Stefan Berger <stefanb@linux.vnet.ibm.com> | 2018-06-26 22:09:32 +0300 |
---|---|---|
committer | Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com> | 2018-07-28 17:03:11 +0300 |
commit | 5c2a640aff73914e11ac0db310b32d3b7a1b87ad (patch) | |
tree | 26ab375331cfdd09aabc85709bd3c23c7afa04d3 /security/integrity/ima/ima_init.c | |
parent | 58bac8cc3010ccb845572a3512fc16c9aaa5e50e (diff) | |
download | linux-5c2a640aff73914e11ac0db310b32d3b7a1b87ad.tar.xz |
ima: Use tpm_default_chip() and call TPM functions with a tpm_chip
Rather than accessing the TPM functions by passing a NULL pointer for
the tpm_chip, which causes a lookup for a suitable chip every time, get a
hold of a tpm_chip and access the TPM functions using it.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com>
Reviewed-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
Signed-off-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
Diffstat (limited to 'security/integrity/ima/ima_init.c')
-rw-r--r-- | security/integrity/ima/ima_init.c | 11 |
1 files changed, 4 insertions, 7 deletions
diff --git a/security/integrity/ima/ima_init.c b/security/integrity/ima/ima_init.c index 29b72cd2502e..1437ed3dbccc 100644 --- a/security/integrity/ima/ima_init.c +++ b/security/integrity/ima/ima_init.c @@ -27,6 +27,7 @@ /* name for boot aggregate entry */ static const char *boot_aggregate_name = "boot_aggregate"; int ima_used_chip; +struct tpm_chip *ima_tpm_chip; /* Add the boot aggregate to the IMA measurement list and extend * the PCR register. @@ -106,17 +107,13 @@ void __init ima_load_x509(void) int __init ima_init(void) { - u8 pcr_i[TPM_DIGEST_SIZE]; int rc; - ima_used_chip = 0; - rc = tpm_pcr_read(NULL, 0, pcr_i); - if (rc == 0) - ima_used_chip = 1; + ima_tpm_chip = tpm_default_chip(); + ima_used_chip = ima_tpm_chip != NULL; if (!ima_used_chip) - pr_info("No TPM chip found, activating TPM-bypass! (rc=%d)\n", - rc); + pr_info("No TPM chip found, activating TPM-bypass!\n"); rc = integrity_init_keyring(INTEGRITY_KEYRING_IMA); if (rc) |